Android / Security

Mitigating Android Social Engineering Attacks

How to patch the user vulnerability if Android can’t do it?

Denis Crăciunescu
Published in ProAndroidDev
14 min read · Aug 3, 2020


Series outline:

In the first part of the series, we have identified that the user is the primary vulnerability exploited by attackers.

Subsequently, in the second part, we have seen the security measures enforced by Android at the OS level and the application level. This enabled us to better understand why the operating system itself is a harder target than the user.

However, so far, we have explored only the problem.

But what is the solution?

We will take up where we left off in the last part — user security.

User Security

Source: Ed Pylypenko via Unsplash

We have already seen the multitude of mechanisms enforced by Android to ensure the overall security of the system.

However, the user is still the decisive factor when it comes to the successful execution of a malicious action.

Let’s first understand a social engineering attack before seeing how we can protect against it.

Social Engineering

Source: Austin Distel via Unsplash

Social engineering (SE) is the term used for malicious attacks that involve human interaction. It uses psychological manipulation to trick users into giving sensitive details or committing security mistakes.

Even if the team at Android implemented the most complete security solution, it wouldn’t be enough to defend gullible users against SE attacks.
